On Tue, Nov 1, 2016 at 12:15 PM, Ayesha Dissanayaka <[email protected]> wrote:
> Hi all,
>
> Related to not being able to log in without the userstore name, with
> further debugging, I identified that the exception below is thrown at [1]
>
>> java.security.PrivilegedActionException: org.wso2.carbon.user.core.UserStoreException: Error when handling event : PRE_AUTHENTICATION
>>   at java.security.AccessController.doPrivileged(Native Method)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:463)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:451)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.run(AbstractUserStoreManager.java:442)
>>   at java.security.AccessController.doPrivileged(Native Method)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticate(AbstractUserStoreManager.java:442)
>>   at org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator.processAuthenticationResponse(BasicAuthenticator.java:269)
>>   at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:69)
>>   at org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator.process(BasicAuthenticator.java:82)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:465)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(DefaultStepHandler.java:439)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:143)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:173)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:122)
>>   at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:138)
>>   at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
>>   at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
>>   at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:995)
>>   at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:159)
>>   at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:107)
>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>   at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>   at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>   at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>   at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>   at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>   at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>   at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>   at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>>   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>   at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>   at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>   at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>   at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>   at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>   at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>   at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
>>   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
>>   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
>>   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>>   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>   at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.wso2.carbon.user.core.UserStoreException: Error when handling event : PRE_AUTHENTICATION
>>   at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:612)
>>   at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:548)
>>   at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAuthenticate(IdentityMgtEventListener.java:84)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.authenticateInternal(AbstractUserStoreManager.java:505)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.access$100(AbstractUserStoreManager.java:71)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:466)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.run(AbstractUserStoreManager.java:463)
>>   ... 65 more
>> Caused by: org.wso2.carbon.identity.event.IdentityEventException: Error while retrieving account lock claim value
>>   at org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler.handleEvent(AccountConfirmationValidationHandler.java:80)
>>   at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56)
>>   at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:599)
>>   ... 71 more
>> Caused by: org.wso2.carbon.user.core.UserStoreException: UserNotFound: User pushdoes not exist in: PRIMARY
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:168)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:580)
>>   at org.wso2.carbon.identity.recovery.handler.AccountConfirmationValidationHandler.handleEvent(AccountConfirmationValidationHandler.java:78)
>>   ... 73 more
>> Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
>>   at java.security.AccessController.doPrivileged(Native Method)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:158)
>>   ... 75 more
>> Caused by: java.lang.reflect.InvocationTargetException
>>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>   at java.lang.reflect.Method.invoke(Method.java:606)
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:161)
>>   ... 77 more
>> Caused by: org.wso2.carbon.user.core.UserStoreException: UserNotFound: User pushdoes not exist in: PRIMARY
>>   at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:594)
>>   ... 82 more
>
> - AccountConfirmationValidationHandler[2] tries to verify whether the
>   user-account is locked when handling PRE_AUTHENTICATION. When trying to
>   retrieve the account lock claim, an exception is thrown and it terminates
>   the authentication flow. The user is only searched within the PRIMARY
>   user store.
>

Can we check this behaviour with IS 5.2.0? Ideally, if we haven't given the userstore domain when logging in, we have to search through all the userstores.

>
> - When AccountConfirmationValidationHandler is disabled, I am able to
>   log in to the dashboard without the userstore domain name.
>
> - The other concern is that checking for the account lock claim of a
>   particular user before authentication will block users with the same
>   name in secondary user stores from getting authenticated.
>

I think the way it works in the previous version is that we check the accountLock claim only after authentication. Has that changed now?

>
> What is the best way to handle these scenarios?
> @Isura: please give your feedback.
>
> [1] https://github.com/wso2/carbon-kernel/blob/release-4.4.9/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L476
> [2] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/handler/AccountConfirmationValidationHandler.java#L72
>
> Thanks!
> -Ayesha
>
> On Mon, Oct 31, 2016 at 1:55 PM, Ayesha Dissanayaka <[email protected]> wrote:
>
>> On Fri, Oct 28, 2016 at 6:02 PM, Darshana Gunawardana <[email protected]> wrote:
>>
>>> This should be possible. Are you getting any errors in UI or in console?
>>> If not, can you enable debug logs in user.core and see any error getting
>>> printed?
>>
>> No errors in the backend.
>>
>> In the UI it shows the below error message.
>>
>> "Login failed! Please recheck the username and password and try again."
>>
>> When I try "TEST/ayesha" as username, I can log in.
>>
>> I have enabled debug logs for user core and below are the logs in two
>> cases.
>>
>> *without userstore name, username only "ayesha"*
>>
>>> [2016-10-31 13:35:22,837] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user ayesha003
>>> [2016-10-31 13:35:22,844] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in SearchBase:
>>> [2016-10-31 13:35:22,855] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for ayesha003 is null
>>> [2016-10-31 13:35:22,856] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: ayesha003 exist: false
>>> [2016-10-31 13:35:22,863] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user ayesha003
>>> [2016-10-31 13:35:22,866] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in SearchBase:
>>> [2016-10-31 13:35:22,870] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for ayesha003 is null
>>> [2016-10-31 13:35:22,870] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: ayesha003 exist: false
>>
>> *with userstore name "TEST2/ayesha"*
>>
>>> [2016-10-31 13:36:10,657] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user ayesha003
>>> [2016-10-31 13:36:10,663] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in SearchBase:
>>> [2016-10-31 13:36:10,666] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for ayesha003 is uid=ayesha003,ou=Users,dc=wso2,dc=org
>>> [2016-10-31 13:36:10,666] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: ayesha003 exist: true
>>> [2016-10-31 13:36:10,666] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user ayesha003
>>> [2016-10-31 13:36:10,667] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value after escaping special characters in ayesha003 : ayesha003
>>> [2016-10-31 13:36:10,667] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: ayesha003 exist: true
>>> [2016-10-31 13:36:10,684] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(uid=ayesha003)) in SearchBase:
>>
>> Created https://wso2.org/jira/browse/IDENTITY-5291 to track this.
>>
>> Thanks!
>> -Ayesha
>>
>> --
>> *Ayesha Dissanayaka*
>> Software Engineer,
>> WSO2, Inc : http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>> E-Mail: [email protected]
>
> --
> *Ayesha Dissanayaka*
> Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
> E-Mail: [email protected]

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
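
The two orderings discussed in this thread (account lock claim read before authentication against PRIMARY only, versus read after authentication across all user stores), reduced to a small model. This is an added example, not WSO2 Identity Server code: the `LockCheckOrdering`, `Store` and `User` types, the sample users and their passwords are all hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Simplified model, not WSO2 code: every type and name below is hypothetical.
public class LockCheckOrdering {
    record User(String password, boolean locked) {}  // plain-text password only to keep the model short
    record Store(String domain, Map<String, User> users) {}
    enum Result { SUCCESS, BAD_CREDENTIALS, LOCKED, USER_NOT_FOUND_ERROR }

    final List<Store> stores;                        // stores.get(0) plays the role of PRIMARY
    LockCheckOrdering(List<Store> stores) { this.stores = stores; }

    // Try every store in order; the first one that accepts the password wins.
    Optional<User> authenticate(String name, String password) {
        return stores.stream()
                .map(s -> s.users().get(name))
                .filter(u -> u != null && u.password().equals(password))
                .findFirst();
    }

    // Reported behaviour: the lock claim is read before authentication, and a
    // user name without a domain is looked up in PRIMARY only.
    Result lockCheckBeforeAuth(String name, String password) {
        User primary = stores.get(0).users().get(name);
        if (primary == null) return Result.USER_NOT_FOUND_ERROR; // aborts the whole flow
        if (primary.locked()) return Result.LOCKED;              // also hits same-name users elsewhere
        return authenticate(name, password).isPresent() ? Result.SUCCESS : Result.BAD_CREDENTIALS;
    }

    // Ordering raised in the reply: authenticate first, then read the lock
    // claim from the account that actually matched the credentials.
    Result lockCheckAfterAuth(String name, String password) {
        return authenticate(name, password)
                .map(u -> u.locked() ? Result.LOCKED : Result.SUCCESS)
                .orElse(Result.BAD_CREDENTIALS);
    }

    public static void main(String[] args) {
        // Constructed sample data: "bob" exists in both stores as different people.
        var flow = new LockCheckOrdering(List.of(
                new Store("PRIMARY", Map.of("bob", new User("p1", true))),
                new Store("TEST", Map.of("ayesha", new User("s3cret", false),
                                         "bob", new User("p2", false)))));
        System.out.println(flow.lockCheckBeforeAuth("ayesha", "s3cret")); // user only in TEST
        System.out.println(flow.lockCheckBeforeAuth("bob", "p2"));        // TEST bob, PRIMARY bob locked
        System.out.println(flow.lockCheckAfterAuth("ayesha", "s3cret"));  // same login, lock read after auth
        System.out.println(flow.lockCheckAfterAuth("bob", "p2"));         // TEST bob again
        System.out.println(flow.lockCheckAfterAuth("bob", "p1"));         // the locked PRIMARY bob
    }
}
```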
